Commit Graph

10507 Commits

Author SHA1 Message Date
Nico Kadel-Garcia b2491c289d Switch %define to %global for redhat/openssh.spec 2020-02-22 11:48:05 +11:00
mkontani b18dcf6cca fix some typos and sentence 2020-02-21 12:29:05 +11:00
dtucker@openbsd.org 0001576a09 upstream: Fix some typos and an incorrect word in docs. Patch from
itoama at live.jp via github PR#172.

OpenBSD-Commit-ID: 166ee8f93a7201fef431b9001725ab8b269d5874
2020-02-21 12:27:23 +11:00
dtucker@openbsd.org 99ff8fefe4 upstream: Update moduli generation script to new ssh-keygen
generation and screening command line flags.

OpenBSD-Commit-ID: 5010ff08f7ad92082e87dde098b20f5c24921a8f
2020-02-21 11:11:08 +11:00
dtucker@openbsd.org 700d16f5e5 upstream: Import regenerated moduli.
OpenBSD-Commit-ID: 7b7b619c1452a459310b0cf4391c5757c6bdbc0f
2020-02-21 11:10:25 +11:00
Darren Tucker 4753b74ba0 Import regenerated moduli. 2020-02-20 16:42:50 +11:00
HARUYAMA Seigo 11d4271627 Fix typos in INSTALL: s/avilable/available/ s/suppports/supports/ 2020-02-18 20:24:44 +11:00
dtucker@openbsd.org 264a966216 upstream: Ensure that the key lifetime provided fits within the
values allowed by the wire format (u32). Prevents integer wraparound of the
timeout values. bz#3119, ok markus@ djm@

OpenBSD-Commit-ID: 8afe6038b5cdfcf63360788f012a7ad81acc46a2
2020-02-18 20:23:25 +11:00
dtucker@openbsd.org de1f3564cd upstream: Detect and prevent simple configuration loops when using
ProxyJump. bz#3057, ok djm@

OpenBSD-Commit-ID: 077d21c564c886c98309d871ed6f8ef267b9f037
2020-02-18 20:23:25 +11:00
naddy@openbsd.org 30144865bf upstream: document -F none; with jmc@
OpenBSD-Commit-ID: 0eb93b75473d2267aae9200e02588e57778c84f2
2020-02-18 20:23:25 +11:00
Darren Tucker 011052de73 Remove unused variable warning. 2020-02-17 22:55:51 +11:00
Darren Tucker 31c9348c5e Constify aix_krb5_get_principal_name.
Prevents warning about discarding type qualifiers on AIX.
2020-02-17 22:53:24 +11:00
Darren Tucker 290c994336 Check if TILDE is already defined and undef.
Prevents redefinition warning on AIX.
2020-02-17 22:51:36 +11:00
Darren Tucker 41a2e64ae4 Prevent unused variable warning. 2020-02-17 22:51:00 +11:00
Darren Tucker d4860ec4ef Check if getpeereid is actually declared.
Check in sys/socket.h (AIX) and unistd.h (FreeBSD, DragonFLy and OS X).
Prevents undeclared function warning on at least some versions of AIX.
2020-02-17 22:48:50 +11:00
djm@openbsd.org 8aa3455b16 upstream: openssh-8.2
OpenBSD-Commit-ID: 0a1340ff65fad0d84b997ac58dd1b393dec7c19b
2020-02-14 11:40:54 +11:00
Damien Miller 72f0ce33f0 crank version numbers 2020-02-12 09:28:35 +11:00
Darren Tucker b763ed05bd Minor documentation update:
- remove duplication of dependency information (it's all in INSTALL).
 - SSHFP is now an RFC.
2020-02-11 12:51:24 +11:00
Darren Tucker 14ccfdb724 Check if UINT32_MAX is defined before redefining. 2020-02-09 11:23:35 +11:00
Damien Miller be075110c7 typo; reported by Phil Pennock 2020-02-07 15:13:26 +11:00
djm@openbsd.org 963d71851e upstream: sync the description of the $SSH_SK_PROVIDER environment
variable with that of the SecurityKeyProvider ssh/sshd_config(5) directive,
as the latter was more descriptive.

OpenBSD-Commit-ID: 0488f09530524a7e53afca6b6e1780598022552f
2020-02-07 15:03:20 +11:00
dtucker@openbsd.org d4d9e1d405 upstream: Add ssh -Q key-sig for all key and signature types.
Teach ssh -Q to accept ssh_config(5) and sshd_config(5) algorithm keywords as
an alias for the corresponding query.  Man page help jmc@, ok djm@.

OpenBSD-Commit-ID: 1e110aee3db2fc4bc5bee2d893b7128fd622e0f8
2020-02-07 15:03:20 +11:00
djm@openbsd.org fd68dc2786 upstream: fix two PIN entry bugs on FIDO keygen: 1) it would allow more
than the intended number of prompts (3) and 2) it would SEGV too many
incorrect PINs were entered; based on patch by Gabriel Kihlman

OpenBSD-Commit-ID: 9c0011f28ba8bd8adf2014424b64960333da1718
2020-02-07 14:31:02 +11:00
djm@openbsd.org 96bd895a0a upstream: When using HostkeyAlgorithms to merely append or remove
algorithms from the default set (i.e. HostkeyAlgorithms=+/-...), retain the
default behaviour of preferring those algorithms that have existing keys in
known_hosts; ok markus

OpenBSD-Commit-ID: 040e7fcc38ea00146b5d224ce31ce7a1795ee6ed
2020-02-07 09:53:00 +11:00
djm@openbsd.org c728848673 upstream: expand HostkeyAlgorithms prior to config dump, matching
other algorithm lists; ok markus@

OpenBSD-Commit-ID: a66f0fca8cc5ce30405a2867bc115fff600671d0
2020-02-07 09:53:00 +11:00
naddy@openbsd.org a6ac5d36ef upstream: Add Include to the list of permitted keywords after a
Match keyword. ok markus@

OpenBSD-Commit-ID: 342e940538b13dd41e0fa167dc9ab192b9f6e2eb
2020-02-07 09:53:00 +11:00
naddy@openbsd.org a47f6a6c0e upstream: Replace "security key" with "authenticator" in program
messages.

This replaces "security key" in error/usage/verbose messages and
distinguishes between "authenticator" and "authenticator-hosted key".

ok djm@

OpenBSD-Commit-ID: 7c63800e9c340c59440a054cde9790a78f18592e
2020-02-07 09:52:59 +11:00
Darren Tucker 849a9b8714 Don't look for UINT32_MAX in inttypes.h
... unless we are actually going to use it.  Fixes build on HP-UX
without the potential impact to other platforms of a header change
shortly before release.
2020-02-06 12:21:49 +11:00
Damien Miller a2437f8ed0 depend 2020-02-06 12:02:22 +11:00
Michael Forney 9716e8c495 Fix sha2 MAKE_CLONE no-op definition
The point of the dummy declaration is so that MAKE_CLONE(...) can have
a trailing semicolon without introducing an empty declaration. So,
the macro replacement text should *not* have a trailing semicolon,
just like DEF_WEAK.
2020-02-06 11:53:38 +11:00
djm@openbsd.org d596b1d30d upstream: require FIDO application strings to start with "ssh:"; ok
markus@

OpenBSD-Commit-ID: 94e9c1c066d42b76f035a3d58250a32b14000afb
2020-02-04 21:08:10 +11:00
djm@openbsd.org 501f358243 upstream: revert enabling UpdateHostKeys by default - there are still
corner cases we need to address; ok markus

OpenBSD-Commit-ID: ff7ad941bfdc49fb1d8baa95fd0717a61adcad57
2020-02-04 10:52:17 +11:00
jmc@openbsd.org 072f3b832d upstream: use better markup for challenge and write-attestation, and
rejig the challenge text a little;

ok djm

OpenBSD-Commit-ID: 9f351e6da9edfdc907d5c3fdaf2e9ff3ab0a7a6f
2020-02-04 10:00:18 +11:00
Damien Miller 262eb05a22 mention libfido2 in dependencies section 2020-02-03 21:22:15 +11:00
Damien Miller ccd3b247d5 add clock_gettime64(2) to sandbox allowed syscalls
bz3093
2020-02-03 19:40:12 +11:00
dtucker@openbsd.org adffbe1c64 upstream: Output (none) in debug in the case in the CheckHostIP=no case
as suggested by markus@

OpenBSD-Commit-ID: 4ab9117ee5261cbbd1868717fcc3142eea6385cf
2020-02-02 21:18:07 +11:00
dtucker@openbsd.org 58c819096a upstream: Prevent possible null pointer deref of ip_str in debug.
OpenBSD-Commit-ID: 37b252e2e6f690efed6682437ef75734dbc8addf
2020-02-02 20:31:48 +11:00
jmc@openbsd.org 0facae7bc8 upstream: shuffle the challenge keyword to keep the -O list sorted;
OpenBSD-Commit-ID: 08efad608b790949a9a048d65578fae9ed5845fe
2020-02-02 20:25:09 +11:00
jmc@openbsd.org 6fb3dd0ccd upstream: tweak previous;
OpenBSD-Commit-ID: 0c42851cdc88583402b4ab2b110a6348563626d3
2020-02-02 20:25:09 +11:00
Darren Tucker 92725d4d3f Use sys-queue.h from compat library.
Fixes build on platforms that don't have sys/queue.h (eg MUSL).
2020-02-01 17:25:09 +11:00
djm@openbsd.org 677d0ece67 upstream: regress test for sshd_config Include directive; from Jakub
Jelen

OpenBSD-Regress-ID: 0d9224de3297c7a5f51ba68d6e3725a2a9345fa4
2020-02-01 10:28:33 +11:00
djm@openbsd.org d4f4cdd681 upstream: whitespace
OpenBSD-Commit-ID: 564cf7a5407ecf5da2d94ec15474e07427986772
2020-02-01 10:22:33 +11:00
djm@openbsd.org 245399dfb3 upstream: force early logging to stderr if debug_flag (-d) is set;
avoids missing messages from re-exec config passing

OpenBSD-Commit-ID: 02484b8241c1f49010e7a543a7098e6910a8c9ff
2020-02-01 10:22:32 +11:00
djm@openbsd.org 7365f28a66 upstream: mistake in previous: filling the incorrect buffer
OpenBSD-Commit-ID: 862ee84bd4b97b529f64aec5d800c3dcde952e3a
2020-02-01 10:22:10 +11:00
djm@openbsd.org c2bd7f74b0 upstream: Add a sshd_config "Include" directive to allow inclusion
of files. This has sensible semantics wrt Match blocks and accepts glob(3)
patterns to specify the included files. Based on patch by Jakub Jelen in
bz2468; feedback and ok markus@

OpenBSD-Commit-ID: 36ed0e845b872e33f03355b936a4fff02d5794ff
2020-02-01 10:20:24 +11:00
jmc@openbsd.org ba261a1dd3 upstream: spelling fix;
OpenBSD-Commit-ID: 3c079523c4b161725a4b15dd06348186da912402
2020-02-01 10:15:27 +11:00
djm@openbsd.org 771891a044 upstream: document changed default for UpdateHostKeys
OpenBSD-Commit-ID: 25c390b21d142f78ac0106241d13441c4265fd2c
2020-01-31 09:27:10 +11:00
djm@openbsd.org d53a518536 upstream: enable UpdateKnownHosts=yes if the configuration
specifies only the default known_hosts files, otherwise select
UpdateKnownHosts=ask; ok markus@

OpenBSD-Commit-ID: ab401a5ec4a33d2e1a9449eae6202e4b6d427df7
2020-01-31 09:27:10 +11:00
Darren Tucker bb63ff844e Look in inttypes.h for UINT32_MAX.
Should prevent warnings on at least some AIX versions.
2020-01-30 18:54:42 +11:00
djm@openbsd.org afeb6a960d upstream: use sshpkt_fatal() instead of plain fatal() for
ssh_packet_write_poll() failures here too as the former yields better error
messages; ok dtucker@

OpenBSD-Commit-ID: 1f7a6ca95bc2b716c2e948fc1370753be772d8e3
2020-01-30 18:22:34 +11:00